{
 "cells": [
  {
   "cell_type": "code",
   "execution_count": null,
   "id": "e95fa36b-7118-4fd8-a3b2-b4424bda2178",
   "metadata": {},
   "outputs": [],
   "source": [
    "import os\n",
    "import requests\n",
    "from dotenv import load_dotenv\n",
    "from bs4 import BeautifulSoup\n",
    "from IPython.display import Markdown, display\n",
    "from openai import OpenAI\n"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "id": "a0356762-4a3f-437a-908e-192aa9c804c7",
   "metadata": {},
   "outputs": [],
   "source": [
    "load_dotenv(override=True)\n",
    "api_key = os.getenv('OPENAI_API_KEY')\n",
    "\n",
    "# Check the key\n",
    "\n",
    "if not api_key:\n",
    "    print(\"No API key was found - please head over to the troubleshooting notebook in this folder to identify & fix!\")\n",
    "elif not api_key.startswith(\"sk-proj-\"):\n",
    "    print(\"An API key was found, but it doesn't start sk-proj-; please check you're using the right key - see troubleshooting notebook\")\n",
    "elif api_key.strip() != api_key:\n",
    "    print(\"An API key was found, but it looks like it might have space or tab characters at the start or end - please remove them - see troubleshooting notebook\")\n",
    "else:\n",
    "    print(\"API key found and looks good so far!\")\n"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "id": "eb747863-30bd-4a0b-b359-b37223884075",
   "metadata": {},
   "outputs": [],
   "source": [
    "openai = OpenAI()\n",
    "message = \"Hello, GPT! This is my first ever message to you! Hi!\"\n",
    "response = openai.chat.completions.create(model=\"gpt-4o-mini\", messages=[{\"role\":\"user\", \"content\":message}])\n",
    "print(response.choices[0].message.content)"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "id": "fae60901-3564-4f26-a812-fc16d3b95bdb",
   "metadata": {},
   "outputs": [],
   "source": [
    "def get_page_source(url):\n",
    "    response = requests.get(url)\n",
    "    response.raise_for_status()  # Hata varsa bildirir\n",
    "    return response.text  # Ham HTML metni döner\n",
    "\n",
    "system_prompt = \"You are an assistant analyzing the source of a website and checking for security vulnerabilities.\"\n",
    "\n",
    "def user_prompt_for(url):\n",
    "    user_prompt = \"Below is the HTML source of the website:\\n\\n\"\n",
    "    user_prompt += get_page_source(url)  \n",
    "    user_prompt += \"\\n\\nPlease check this website and search for security vulnerabilities. \"\n",
    "    user_prompt += \"If you don't find any, print 'No vulnerability found.' \"\n",
    "    user_prompt += \"If you find a potential vulnerability risk, describe the vulnerability risk and print 'Potential Vulnerability Risk'.\"\n",
    "    user_prompt += \"If you find a direct, explicit vulnerability, describe the vulnerability and CVSS Score print 'ATTENTION! Vulnerability is Found.'\"\n",
    "    user_prompt += \"If you find both a potential vulnerability risk and a direct, explicit vulnerability, describe them and CVSS Score print 'ATTENTION! Potential Vulnerability Risk and Direct Vulnerability are Found!!'\"\n",
    "    return user_prompt\n",
    "\n",
    "def messages_for(url):\n",
    "    return [\n",
    "        {\"role\": \"system\", \"content\": system_prompt},\n",
    "        {\"role\": \"user\", \"content\": user_prompt_for(url)}\n",
    "    ]\n",
    "\n",
    "def check_vuln(url):\n",
    "    response = openai.chat.completions.create(\n",
    "        model = \"gpt-4o-mini\",\n",
    "        messages = messages_for(url)\n",
    "    )\n",
    "    return response.choices[0].message.content\n",
    "\n"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "id": "e048c27f-f659-4c92-a47c-679bf6e5bf5f",
   "metadata": {},
   "outputs": [],
   "source": [
    "def display_vuln(url):\n",
    "    display_vuln = check_vuln(url)\n",
    "    display(Markdown(display_vuln))"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "id": "69f5852f-ca5b-4933-b93c-e9f2d401467a",
   "metadata": {},
   "outputs": [],
   "source": [
    "display_vuln(\"https://edwarddonner.com\")"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "id": "824943fc-e5a5-424a-abec-56767a709782",
   "metadata": {},
   "outputs": [],
   "source": [
    "display_vuln(\"http://192.168.1.113/\") #local apache server IP, contains xss_vulnerable_example.html"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "id": "e3543846-e0c6-4504-8b65-2f675f0f7ebe",
   "metadata": {},
   "outputs": [],
   "source": [
    "display_vuln(\"https://www.google.com\")"
   ]
  }
 ],
 "metadata": {
  "kernelspec": {
   "display_name": "Python 3 (ipykernel)",
   "language": "python",
   "name": "python3"
  },
  "language_info": {
   "codemirror_mode": {
    "name": "ipython",
    "version": 3
   },
   "file_extension": ".py",
   "mimetype": "text/x-python",
   "name": "python",
   "nbconvert_exporter": "python",
   "pygments_lexer": "ipython3",
   "version": "3.11.13"
  }
 },
 "nbformat": 4,
 "nbformat_minor": 5
}
